Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/4f/bef6e8-8873-4529-8e72-238c6d8a4c17/1/hvRji0srt2xzuGPCOIdVpgVYkIs.roa
File:                     hvRji0srt2xzuGPCOIdVpgVYkIs.roa (raw, json)
Hash identifier:          tHRTHRU2iKdBIAtq5oC+6kPNFfxNl7qOeHEyE2negQA=
Subject key identifier:   86:F4:63:8B:4B:2B:B7:6C:73:B8:63:C2:38:87:55:A6:05:58:90:8B
Certificate issuer:       /CN=a487782e3f70c5cd27b32f5274d0e5bc62e95caf
Certificate serial:       018CC4254789037CA9DD79E4D8A410A0F50D
Authority key identifier: A4:87:78:2E:3F:70:C5:CD:27:B3:2F:52:74:D0:E5:BC:62:E9:5C:AF
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/pId4Lj9wxc0nsy9SdNDlvGLpXK8.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/4f/bef6e8-8873-4529-8e72-238c6d8a4c17/1/hvRji0srt2xzuGPCOIdVpgVYkIs.roa
Signing time:             Mon 01 Jan 2024 08:30:26 +0000
ROA not before:           Mon 01 Jan 2024 08:30:26 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     212567
IP address blocks:        46.226.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/4f/bef6e8-8873-4529-8e72-238c6d8a4c17/1/pId4Lj9wxc0nsy9SdNDlvGLpXK8.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/4f/bef6e8-8873-4529-8e72-238c6d8a4c17/1/pId4Lj9wxc0nsy9SdNDlvGLpXK8.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/pId4Lj9wxc0nsy9SdNDlvGLpXK8.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Tue 25 Jun 2024 04:01:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:c4:25:47:89:03:7c:a9:dd:79:e4:d8:a4:10:a0:f5:0d
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=a487782e3f70c5cd27b32f5274d0e5bc62e95caf
        Validity
            Not Before: Jan  1 08:30:26 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=86f4638b4b2bb76c73b863c2388755a60558908b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:dc:06:6b:76:5f:99:14:48:fc:53:36:fb:ea:
                    33:ec:46:41:b2:8f:b0:4b:8d:b7:d2:a1:0b:cc:7a:
                    73:36:d3:1d:5c:b4:a7:3b:a2:cc:d3:b0:6d:3e:8e:
                    42:69:59:c5:dc:14:2a:5d:ba:c9:a5:93:15:e2:f7:
                    f2:a7:ec:bb:36:60:13:e8:19:8f:90:db:55:39:a9:
                    1f:71:13:7f:33:5d:a1:60:71:33:35:11:16:97:c2:
                    dc:ab:b0:42:0b:b9:04:1e:06:c2:50:4b:85:79:18:
                    1b:fb:cb:d5:ac:5b:35:40:41:ef:c7:ae:86:22:7a:
                    19:c5:46:d1:58:2d:32:d5:10:04:39:e0:3d:42:13:
                    2a:10:73:66:30:b0:34:4f:5a:d5:79:31:47:38:c9:
                    a0:03:0f:35:12:fa:45:78:75:d9:c1:f5:b2:8d:f2:
                    1d:10:09:d2:81:0e:06:66:92:f8:ed:da:e2:01:7f:
                    75:1b:0f:b5:21:e2:e1:fd:28:20:2d:4f:d7:60:d2:
                    61:88:75:4e:f1:ae:fd:15:54:6a:78:c3:52:45:c9:
                    08:bc:f8:18:5c:9e:0d:9f:fc:10:de:a7:ff:dc:15:
                    73:aa:e8:0f:6b:1f:85:e9:c1:91:c6:53:f6:80:75:
                    b4:ea:89:f4:81:53:2c:f0:8f:3a:bc:30:c8:05:a2:
                    c1:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:F4:63:8B:4B:2B:B7:6C:73:B8:63:C2:38:87:55:A6:05:58:90:8B
            X509v3 Authority Key Identifier:
                keyid:A4:87:78:2E:3F:70:C5:CD:27:B3:2F:52:74:D0:E5:BC:62:E9:5C:AF

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/pId4Lj9wxc0nsy9SdNDlvGLpXK8.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/bef6e8-8873-4529-8e72-238c6d8a4c17/1/hvRji0srt2xzuGPCOIdVpgVYkIs.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/4f/bef6e8-8873-4529-8e72-238c6d8a4c17/1/pId4Lj9wxc0nsy9SdNDlvGLpXK8.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.226.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         15:f2:bb:e7:eb:81:b1:24:3d:b7:58:de:1c:b9:ed:75:7b:b0:
         4d:ed:6d:c1:d6:c3:44:04:02:59:50:c5:ad:9c:3b:aa:62:cf:
         7a:dd:d6:0a:12:5e:f4:3b:bc:fd:4b:76:bf:cd:9b:cd:27:ad:
         54:c6:f5:67:ee:9a:cc:92:b4:4a:d8:05:d9:41:04:39:6b:c5:
         18:4a:e7:87:38:13:58:24:a7:9d:48:25:85:d2:b7:6a:7d:29:
         9c:d2:3e:73:01:fe:4e:0b:94:0d:bc:e7:3c:15:23:86:63:de:
         3b:9d:e8:91:ea:5d:75:a9:93:1f:a4:93:e4:01:89:97:3f:73:
         27:aa:5c:e5:6c:2a:a1:a0:cd:41:1c:c3:4a:ed:a0:ae:9a:18:
         cc:aa:8e:a8:2f:73:6f:81:54:7c:3c:7a:99:bd:6b:af:f6:c2:
         aa:4c:73:12:75:2b:f9:c3:13:ee:10:0b:5c:ee:2d:3c:99:82:
         a4:b0:e6:bd:46:8a:7a:aa:5d:45:4d:e3:7f:e8:82:66:c9:41:
         05:d5:33:45:e3:53:de:fd:75:6f:75:d3:e0:e5:51:84:58:b9:
         21:6c:d9:19:ef:f4:7b:ea:00:06:ee:29:55:f7:72:5e:b6:01:
         66:6a:2d:f2:03:cd:06:7a:26:17:e8:a7:a0:6d:2d:48:ae:3e:
         47:13:61:44
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzEJUeJA3yp3Xnk2KQQoPUNMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGE0ODc3ODJlM2Y3MGM1Y2QyN2IzMmY1Mjc0ZDBlNWJjNjJl
OTVjYWYwHhcNMjQwMTAxMDgzMDI2WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4NmY0NjM4YjRiMmJiNzZjNzNiODYzYzIzODg3NTVhNjA1NTg5MDhiMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAutwGa3ZfmRRI/FM2++oz7EZBso+w
S4230qELzHpzNtMdXLSnO6LM07BtPo5CaVnF3BQqXbrJpZMV4vfyp+y7NmAT6BmP
kNtVOakfcRN/M12hYHEzNREWl8Lcq7BCC7kEHgbCUEuFeRgb+8vVrFs1QEHvx66G
InoZxUbRWC0y1RAEOeA9QhMqEHNmMLA0T1rVeTFHOMmgAw81EvpFeHXZwfWyjfId
EAnSgQ4GZpL47driAX91Gw+1IeLh/SggLU/XYNJhiHVO8a79FVRqeMNSRckIvPgY
XJ4Nn/wQ3qf/3BVzqugPax+F6cGRxlP2gHW06on0gVMs8I86vDDIBaLB1QIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIb0Y4tLK7dsc7hjwjiHVaYFWJCLMB8GA1UdIwQY
MBaAFKSHeC4/cMXNJ7MvUnTQ5bxi6VyvMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvcElkNExqOXd4YzBuc3k5U2RORGx2R0xwWEs4LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC80Zi9iZWY2ZTgtODg3My00NTI5LThlNzIt
MjM4YzZkOGE0YzE3LzEvaHZSamkwc3J0Mnh6dUdQQ09JZFZwZ1ZZa0lzLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC80Zi9iZWY2ZTgtODg3My00NTI5LThlNzItMjM4YzZkOGE0YzE3
LzEvcElkNExqOXd4YzBuc3k5U2RORGx2R0xwWEs4LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQALuJ/MA0G
CSqGSIb3DQEBCwUAA4IBAQAV8rvn64GxJD23WN4cue11e7BN7W3B1sNEBAJZUMWt
nDuqYs963dYKEl70O7z9S3a/zZvNJ61UxvVn7prMkrRK2AXZQQQ5a8UYSueHOBNY
JKedSCWF0rdqfSmc0j5zAf5OC5QNvOc8FSOGY947neiR6l11qZMfpJPkAYmXP3Mn
qlzlbCqhoM1BHMNK7aCumhjMqo6oL3NvgVR8PHqZvWuv9sKqTHMSdSv5wxPuEAtc
7i08mYKksOa9Rop6ql1FTeN/6IJmyUEF1TNF41Pe/XVvddPg5VGEWLkhbNkZ7/R7
6gAG7ilV93JetgFmai3yA80GeiYX6KegbS1Irj5HE2FE
-----END CERTIFICATE-----